PR.IR-02: The organization’s technology assets are protected from environmental threats

Info icon.

Subcategory is new to this version of the framework and incorporates the following item from the previous version: PR.IP-5: Policy and regulations regarding the physical operating environment for organizational assets are met.


[ Note: Subcategories do not have detailed descriptions. However NIST has provided the following implementation examples.]

Implementation Examples

1st: 1st Party Risk

3rd: 3rd Party Risk

Ex1: Protect organizational equipment from known environmental threats, such as flooding, fire, wind, and excessive heat and humidity

Ex2: Include protection from environmental threats and provisions for adequate operating infrastructure in requirements for service providers that operate systems on the organization's behalf